Forum Discussion
Brent Ellis
Sep 19, 2017 · Silver Contributor
How to stop mail sending IMMEDIATELY if account compromised
We have a compromised credential, sending out bad emails. We have reset the password, run a "Revoke-AzureADUserAllRefreshToken" on the user's account. If we have reason to believe a malicious us...
Sep 19, 2017
Hi Brent,
The fastest way is to create a Transport Rule to avoid that, because the tokens could take some time to take effect.
VasilMichev
Sep 20, 2017 · MVP
Changing password doesn't invalidate access tokens though, I think this is still not rolled into the service. So as Nuno suggested, some additional actions might be required to immediately block access. I've also seen people disabling mail protocols (Set-CasMailbox) or changing the mailbox quota to something below the limit, etc.
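
The two containment steps suggested in the replies above (a transport rule for the sender, plus disabling mail protocols with Set-CASMailbox), written out as an added PowerShell example that is not from any participant in this thread. It assumes an already connected Exchange Online PowerShell session with rights to manage transport rules and mailboxes; the rule name, comment text and backup path are hypothetical.

```powershell
# Added example: contain one compromised mailbox while tokens are still valid.
# Assumes a connected Exchange Online PowerShell session.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,        # affected account
    [string] $BackupPath = ".\cas-before-containment.xml"      # hypothetical path
)

$ErrorActionPreference = 'Stop'
$ruleName = "IR-BlockSender-$UserPrincipalName"                # hypothetical name

# 1. Transport rule: silently drop anything this sender submits.
#    Created at priority 0 so no earlier rule can stop processing first.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule -Name $ruleName `
        -From $UserPrincipalName `
        -DeleteMessage $true `
        -Priority 0 `
        -Comments "Incident containment; remove after account is cleaned" | Out-Null
}

# 2. Save the current client-access settings so they can be restored later.
$protocols = 'OWAEnabled','ActiveSyncEnabled','PopEnabled',
             'ImapEnabled','MAPIEnabled','EwsEnabled'
Get-CASMailbox -Identity $UserPrincipalName |
    Select-Object (@('Identity') + $protocols) |
    Export-Clixml -Path $BackupPath

# 3. Disable the mail protocols on the mailbox (Set-CASMailbox, as in the thread).
Set-CASMailbox -Identity $UserPrincipalName `
    -OWAEnabled $false -ActiveSyncEnabled $false `
    -PopEnabled $false -ImapEnabled $false `
    -MAPIEnabled $false -EwsEnabled $false

# 4. Read the settings back and report anything that did not take.
$cas  = Get-CASMailbox -Identity $UserPrincipalName
$rule = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
$stillOn = $protocols | Where-Object { $cas.$_ -eq $true }

[pscustomobject]@{
    Mailbox           = $UserPrincipalName
    TransportRule     = $rule.Name
    RuleState         = $rule.State
    ProtocolsStillOn  = ($stillOn -join ', ')
    Contained         = ($rule.State -eq 'Enabled') -and (-not $stillOn)
}
```

Restore by importing the saved file with `Import-Clixml` and passing the recorded values back to `Set-CASMailbox`, then removing the transport rule once the account is cleaned.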